MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Unread postby WAYNETHEPAIN » January 24th, 2015, 5:57 pm

I have a hijack virus, I have done a full system restart deleting all of my files (except for this persistent virus) and whenever I see a suspicious file I delete it. Here's one I'm not sure about "regid.1991-06.com.microsoft" located in "C:\ProgramData" Since I have deleted the below files I haven't seen any, however I know it is only a matter of time. Can someone help?

Here are the files I mentioned above.


Here's your log stuffs

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by wfowl_000 (administrator) on Big_Papa on 24-01-2015 16:02:59
Running from C:\Users\wfowl_000\Downloads
Loaded Profiles: wfowl_000 (Available profiles: wfowl_000)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\\AsusWSWinService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Gaming Center\vivokey.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
() C:\Windows\SysWOW64\UMonit64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ASUS) C:\Program Files\ASUS\ASUS GPU Tweak\GPUTweak.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
() C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\\AsusWSPanel.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2393032 2014-07-03] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3245832 2014-06-10] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [1080992 2014-05-14] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\\ASUSWSLoader.exe [63296 2014-02-25] ()
HKLM-x32\...\Run: [ROGNB] => C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe [463872 2013-05-15] ()
HKLM-x32\...\Run: [ASUS ROG MacroKey] => C:\Program Files (x86)\ASUS\ASUS ROG MacroKey\Hid.exe [2036224 2014-06-19] (ASUS)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [771240 2015-01-24] (Webroot)
HKU\S-1-5-21-416021114-3322899447-2285446461-1001\...\MountPoints2: {0a8ef5f2-2fca-11e4-8253-806e6f6e6963} - "D:\WRSetupCD.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk
ShortcutTarget: Install Webroot FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk
ShortcutTarget: Install Webroot IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-416021114-3322899447-2285446461-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com/?pc=ASJB
SearchScopes: HKU\S-1-5-21-416021114-3322899447-2285446461-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-416021114-3322899447-2285446461-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll (Webroot)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll (Webroot)
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll (Webroot)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll (Webroot)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll (Webroot)
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll (Webroot)
Tcpip\Parameters: [DhcpNameServer]

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

CHR HomePage: Default -> https://www.google.com/
CHR StartupUrls: Default -> "https://www.google.com/", ""
CHR Profile: C:\Users\wfowl_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\wfowl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-24]
CHR Extension: (Angry Birds) - C:\Users\wfowl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2015-01-24]
CHR Extension: (Google Docs) - C:\Users\wfowl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-24]
CHR Extension: (Google Drive) - C:\Users\wfowl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-24]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\wfowl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-24]
CHR Extension: (YouTube) - C:\Users\wfowl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-24]
CHR Extension: (Google Search) - C:\Users\wfowl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-24]
CHR Extension: (Google Sheets) - C:\Users\wfowl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-24]
CHR Extension: (Black & white theme) - C:\Users\wfowl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmohofkmppcgglcmlccpbokkkefigipi [2015-01-24]
CHR Extension: (Google Wallet) - C:\Users\wfowl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-24]
CHR Extension: (Gmail) - C:\Users\wfowl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-24]
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - C:\ProgramData\WRData\PKG\CHROME\CHROME_1.0.2.42.crx [2015-01-24]
CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx [2015-01-24]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\\AsusWSWinService.exe [71680 2014-02-24] (ASUS Cloud Corporation) [File not signed]
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2013-11-14] (Broadcom Corporation.)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [102152 2014-06-10] (ELAN Microelectronics Corp.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-27] (WildTangent)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-06-18] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [827392 2013-09-02] (Intel(R) Corporation) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-10-23] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-10-23] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1700296 2014-07-03] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21680584 2014-07-03] (NVIDIA Corporation)
S3 ThunderboltService; C:\Program Files\Intel\Thunderbolt Software\tbtsvc.exe [1179944 2014-05-13] (Intel Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2014-05-15] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-05-15] (Microsoft Corporation)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [771240 2015-01-24] (Webroot)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-11-14] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7546544 2014-08-29] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
U5 GeneStor; C:\Windows\System32\Drivers\GeneStor.sys [107208 2014-01-17] (GenesysLogic)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-05] ( )
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-10-23] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [21448 2014-07-03] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2014-05-15] (Microsoft Corporation)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [114176 2015-01-24] (Webroot)
U0 msahci; system32\drivers\msahci.sys

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-24 17:16 - 2015-01-24 17:16 - 00028672 ___SH () C:\WINDOWS\system32\config\BCD-Template.LOG
2015-01-24 15:56 - 2015-01-24 15:56 - 00000000 ____D () C:\Users\wfowl_000\AppData\Local\lptmp312454404
2015-01-24 15:55 - 2015-01-24 15:55 - 00153256 _____ (Webroot) C:\WINDOWS\SysWOW64\WRusr.dll
2015-01-24 15:55 - 2015-01-24 15:55 - 00114176 _____ (Webroot) C:\WINDOWS\system32\Drivers\WRkrn.sys
2015-01-24 15:55 - 2015-01-24 15:55 - 00103816 _____ (Webroot) C:\WINDOWS\system32\WRusr.dll
2015-01-24 15:55 - 2015-01-24 15:55 - 00000761 _____ () C:\Users\Public\Desktop\Webroot SecureAnywhere.lnk
2015-01-24 15:55 - 2015-01-24 15:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere
2015-01-24 15:55 - 2015-01-24 15:55 - 00000000 ____D () C:\Program Files\Webroot
2015-01-24 15:52 - 2015-01-24 16:01 - 00000000 ____D () C:\ProgramData\WRData
2015-01-24 15:36 - 2015-01-24 15:36 - 00000000 __SHD () C:\Users\wfowl_000\AppData\Local\EmieUserList
2015-01-24 15:36 - 2015-01-24 15:36 - 00000000 __SHD () C:\Users\wfowl_000\AppData\Local\EmieSiteList
2015-01-24 15:25 - 2015-01-24 16:03 - 00015604 _____ () C:\Users\wfowl_000\Downloads\FRST.txt
2015-01-24 15:25 - 2015-01-24 16:03 - 00000000 ____D () C:\FRST
2015-01-24 15:24 - 2015-01-24 15:24 - 02129920 _____ (Farbar) C:\Users\wfowl_000\Downloads\FRST64.exe
2015-01-24 14:55 - 2014-12-31 06:14 - 00298120 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-01-24 14:47 - 2015-01-24 15:23 - 00000000 ____D () C:\Users\wfowl_000\AppData\Roaming\uTorrent
2015-01-24 14:44 - 2015-01-24 14:44 - 00002277 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-24 14:44 - 2015-01-24 14:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-24 14:43 - 2015-01-24 15:48 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-24 14:43 - 2015-01-24 14:48 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-24 14:43 - 2015-01-24 14:44 - 00000000 ____D () C:\Users\wfowl_000\AppData\Local\Google
2015-01-24 14:43 - 2015-01-24 14:44 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-24 14:43 - 2015-01-24 14:43 - 00003894 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-24 14:43 - 2015-01-24 14:43 - 00003658 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-24 14:43 - 2015-01-24 14:43 - 00000000 ____D () C:\Users\wfowl_000\AppData\Local\Deployment
2015-01-24 14:43 - 2015-01-24 14:43 - 00000000 ____D () C:\Users\wfowl_000\AppData\Local\Apps\2.0
2015-01-24 14:40 - 2015-01-24 15:47 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-416021114-3322899447-2285446461-1001
2015-01-24 14:40 - 2015-01-24 14:40 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2015-01-24 14:39 - 2015-01-24 14:39 - 00003942 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D744380D-4845-4AF7-84B9-C9F261BD4FEB}
2015-01-24 14:39 - 2015-01-24 14:39 - 00000000 ____D () C:\Users\wfowl_000\AppData\Roaming\WebStorage
2015-01-24 14:37 - 2015-01-24 14:37 - 00000000 __RDO () C:\Users\wfowl_000\OneDrive
2015-01-24 14:36 - 2015-01-24 14:36 - 00000157 _____ () C:\Users\Public\GPUControlSetting.xml
2015-01-24 14:35 - 2015-01-24 15:42 - 00000000 ____D () C:\Users\wfowl_000\AppData\Local\PackageStaging
2015-01-24 14:35 - 2015-01-24 14:35 - 00001444 _____ () C:\Users\wfowl_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-24 14:35 - 2015-01-24 14:35 - 00000196 _____ () C:\WINDOWS\FixPatch.log
2015-01-24 14:35 - 2015-01-24 14:35 - 00000144 _____ () C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-01-24 14:35 - 2015-01-24 14:35 - 00000000 ____D () C:\WINDOWS\System32\Tasks\WPD
2015-01-24 14:35 - 2015-01-24 14:35 - 00000000 ____D () C:\Users\wfowl_000\Documents\Bluetooth Exchange Folder
2015-01-24 14:35 - 2015-01-24 14:35 - 00000000 ____D () C:\Users\wfowl_000\AppData\Roaming\ASUS
2015-01-24 14:35 - 2015-01-24 14:35 - 00000000 ____D () C:\Users\wfowl_000\AppData\Roaming\Adobe
2015-01-24 14:35 - 2015-01-24 14:35 - 00000000 ____D () C:\Users\wfowl_000\AppData\Local\VirtualStore
2015-01-24 14:35 - 2015-01-24 14:35 - 00000000 ____D () C:\Users\wfowl_000\AppData\Local\Broadcom
2015-01-24 14:35 - 2015-01-24 14:35 - 00000000 ____D () C:\ProgramData\USBChargerPlus
2015-01-24 14:34 - 2015-01-24 15:42 - 00000000 ____D () C:\Users\wfowl_000\AppData\Local\Packages
2015-01-24 14:34 - 2015-01-24 14:37 - 00000000 ____D () C:\Users\wfowl_000
2015-01-24 14:34 - 2015-01-24 14:36 - 00000000 ____D () C:\Users\wfowl_000\AppData\Local\NVIDIA Corporation
2015-01-24 14:34 - 2015-01-24 14:34 - 00000020 ___SH () C:\Users\wfowl_000\ntuser.ini
2015-01-24 14:34 - 2015-01-24 14:34 - 00000000 ____D () C:\Users\wfowl_000\AppData\Local\NVIDIA
2015-01-24 14:34 - 2014-05-15 00:36 - 00000000 ___RD () C:\Users\wfowl_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-01-24 14:34 - 2014-03-18 05:33 - 00000000 ___RD () C:\Users\wfowl_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-01-24 14:34 - 2014-03-18 05:13 - 00000369 _____ () C:\Users\wfowl_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-01-24 14:34 - 2014-03-18 05:13 - 00000369 _____ () C:\Users\wfowl_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-01-24 14:34 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\wfowl_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-24 14:34 - 2013-08-22 10:36 - 00000000 ____D () C:\Users\wfowl_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-24 17:16 - 2013-08-22 10:36 - 00262144 _____ () C:\WINDOWS\system32\config\BCD-Template
2015-01-24 16:26 - 2014-03-18 05:03 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-24 16:17 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-01-24 16:17 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-24 16:17 - 2013-08-22 09:44 - 00335784 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-01-24 16:17 - 2013-08-22 08:36 - 00000000 __RHD () C:\Users\Default
2015-01-24 16:01 - 2014-08-29 17:20 - 00314173 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-24 15:47 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-24 14:40 - 2013-08-22 09:46 - 00018820 _____ () C:\WINDOWS\setupact.log
2015-01-24 14:35 - 2014-05-15 00:37 - 00000000 ____D () C:\WINDOWS\Panther
2015-01-24 14:35 - 2014-05-14 23:58 - 00000000 ____D () C:\WINDOWS\Log

==================== Files in the root of some directories =======

2015-01-24 15:56 - 2015-01-24 15:56 - 10395072 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-24 16:16

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
Ran by wfowl_000 at 2015-01-24 16:03:14
Running from C:\Users\wfowl_000\Downloads
Boot Mode: Normal

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Webroot SecureAnywhere (Enabled - Up to date) {66A6FE14-08CB-F415-3742-517201416109}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Webroot SecureAnywhere (Enabled - Up to date) {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ASUS Gaming Center (HKLM-x32\...\{23C8A788-4790-4F3C-B103-0ACC7D9DC5BE}) (Version: 1.0.2 - ASUS)
ASUS GPU Tweak (HKLM\...\{7353D4C7-43E9-46A3-A1FF-79DD94A386F2}) (Version: 1.0.10 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.9 - ASUS)
ASUS ROG Gaming Mouse (HKLM-x32\...\{3B9E171F-A955-4834-B877-447C0A437260}) (Version: 2.00.026 - ASUS)
ASUS ROG MacroKey (HKLM-x32\...\{348022C5-F497-4333-AFEE-208F22F169F2}_is1) (Version: - )
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.02.0001 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.9 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0036 - ASUS)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: - Broadcom Corporation)
ELAN Touchpad (HKLM\...\Elantech) (Version: - ELAN Microelectronic Corp.)
Game Explorer Categories - casual (HKLM-x32\...\WildTangentGameProvider-asus-casual) (Version: - WildTangent, Inc.)
Game Explorer Categories - enthusiast (HKLM-x32\...\WildTangentGameProvider-asus-enthusiast) (Version: - WildTangent, Inc.)
Game Explorer Categories - family (HKLM-x32\...\WildTangentGameProvider-asus-family) (Version: - WildTangent, Inc.)
Game Explorer Categories - kids (HKLM-x32\...\WildTangentGameProvider-asus-kids) (Version: - WildTangent, Inc.)
Game Explorer Categories - touch (HKLM-x32\...\WildTangentGameProvider-asus-touch) (Version: - WildTangent, Inc.)
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: - Genesys Logic)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.91 - Google Inc.)
Google Update Helper (x32 Version: - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: - Intel Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
NVIDIA GeForce Experience 2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 333.37 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 333.37 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: - Qualcomm Atheros Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Thunderbolt(TM) Software (HKLM\...\{BED2816F-D47A-41DA-AFCF-44E1B257C368}) (Version: - Intel(R) Corporation)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: - Webroot)
WebStorage (HKLM-x32\...\WebStorage) (Version: - ASUS Cloud Corporation)
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: - Broadcom Corporation)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: - WildTangent)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {044C988A-B1DF-4336-B05E-D8D637B5D479} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2014-06-03] (ASUS)
Task: {0C2DEDF3-2ED6-4651-B782-4D71759B7942} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-24] (Google Inc.)
Task: {0C7FBE1F-6F61-45CE-B264-1129895BD8D9} - System32\Tasks\ASUS GPUTweak => C:\Program Files\ASUS\ASUS GPU Tweak\GPUTweak.exe [2014-04-22] (ASUS)
Task: {3F133DF7-5A4B-4F91-B231-BF2B32B5E39E} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => start ThunderboltService
Task: {3F5A75D6-08B9-4318-B5B9-14A41772B71B} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2014-03-27] (ASUSTek Computer Inc.)
Task: {45635943-8E97-440B-B448-5ACD6E27039E} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2014-04-11] ()
Task: {5B53CFB2-982E-4A95-8736-38D78AEACEC0} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2014-01-14] (ASUSTek Computer Inc.)
Task: {6B60A110-8B5C-4D6D-9E67-F5DB02A58625} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86) [2015-01-24] ()
Task: {7E55357E-6B5F-4BFF-9181-EE16D293DB1B} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-06-12] (Realtek Semiconductor)
Task: {8D39B183-1131-431A-9AA9-6AAB95C85AA7} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86) [2015-01-24] ()
Task: {96355E14-5E58-42A1-8980-E6C2E9704BD1} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => Thunderbolt.exe
Task: {A34653DD-6A87-4096-A473-35AB304189C3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-24] (Google Inc.)
Task: {BF4ED879-21B2-44DD-A524-DDAD452DBB7B} - System32\Tasks\Gaming Center => C:\Program Files (x86)\ASUS\ASUS Gaming Center\vivokey.exe [2014-04-30] (ASUSTek Computer Inc.)
Task: {C0D0AAE2-CB2E-411F-BD2F-A125B5D3A11D} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2014-06-13] (Realtek Semiconductor)
Task: {D1576B3E-9E6F-4865-AD18-781E506B699E} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => tbtsvc.exe
Task: {D3DA8E16-F2D0-439B-828B-5C7B2FCEC2C4} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => Thunderbolt.exe
Task: {F195A2E8-BE65-4FB0-9247-F9645412893C} - System32\Tasks\ASUS Patch for Touch Panel => C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe [2013-01-09] (ASUSTek Computer INC.)
Task: {F4CB959F-D65A-4D6F-96EE-E0BF8B2E33A8} - System32\Tasks\UMonitor Task => C:\Windows\SysWOW64\UMonit64.exe [2014-02-25] ()
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-08-29 17:29 - 2014-07-07 17:16 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-03-18 23:48 - 2014-03-18 23:48 - 00049368 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll
2014-08-29 17:46 - 2014-02-25 22:13 - 00053248 _____ () C:\Windows\SysWOW64\UMonit64.exe
2014-04-22 13:12 - 2014-04-22 13:12 - 00011264 _____ () C:\Program Files\ASUS\ASUS GPU Tweak\WMIProc.dll
2014-04-22 13:12 - 2014-04-22 13:12 - 00320000 _____ () C:\Program Files\ASUS\ASUS GPU Tweak\NavpiWrapper.dll
2014-08-29 17:51 - 2013-05-15 16:39 - 00463872 _____ () C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe
2014-02-24 05:59 - 2014-02-24 05:59 - 00109056 _____ () C:\Program Files (x86)\ASUS\WebStorage\\ASUSWSHomeCloudAPI.dll
2012-03-07 21:27 - 2012-03-07 21:27 - 00016384 _____ () C:\Program Files (x86)\ASUS\WebStorage\\ACVsWin.dll
2014-08-29 17:37 - 2013-10-23 15:44 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-06-03 22:01 - 2014-06-03 22:01 - 00117248 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2014-06-03 22:01 - 2014-06-03 22:01 - 00037936 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2014-06-03 22:01 - 2014-06-03 22:01 - 00018992 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDColorEnhance.dll
2014-06-03 22:01 - 2014-06-03 22:01 - 00020528 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDRegammaAndGamut.dll
2015-01-24 14:44 - 2015-01-20 22:50 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\libglesv2.dll
2015-01-24 14:44 - 2015-01-20 22:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\libegl.dll
2015-01-24 14:44 - 2015-01-20 22:50 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\pdf.dll
2015-01-24 14:44 - 2015-01-20 22:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\wfowl_000\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-416021114-3322899447-2285446461-500 - Administrator - Disabled)
Guest (S-1-5-21-416021114-3322899447-2285446461-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-416021114-3322899447-2285446461-1003 - Limited - Enabled)
wfowl_000 (S-1-5-21-416021114-3322899447-2285446461-1001 - Administrator - Enabled) => C:\Users\wfowl_000

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
Error: (01/24/2015 04:20:38 PM) (Source: Windows Search Service Profile Notification) (EventID: 2) (User: )
Description: Unable to remove Windows Search Service indexed data for user '<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Search-ProfileNotify' Guid='{FC6F77DD-769A-470E-BCF9-1B6555A118BE}' EventSourceName='Windows Search Service Profile Notification'/><EventID Qualifiers='49152'>2</EventID><Version>0</Version><Level>2</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x80000000000000</Keywords><TimeCreated SystemTime='2015-01-24T21:20:38.000000000Z'/><EventRecordID>12</EventRecordID><Correlation/><Execution ProcessID='0' ThreadID='0'/><Channel>Application</Channel><Computer>Big_Papa</Computer><Security/></System><ProcessingErrorData><ErrorCode>15005</ErrorCode><DataItemName>__binLength</DataItemName><EventPayload>4200690067005F0050006100700061005C00410064006D0069006E006900730074007200610074006F00720000003000780038003000300034003200310030003300000000000000</EventPayload></ProcessingErrorData></Event>' in response to user profile deletion. Error code %2.


System errors:
Error: (01/24/2015 02:55:58 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB2267602 (Definition 1.191.3199.0).

Error: (01/24/2015 04:16:45 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Microsoft Office Sessions:
Error: (01/24/2015 04:20:38 PM) (Source: Windows Search Service Profile Notification) (EventID: 2) (User: )
Description: <Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Search-ProfileNotify' Guid='{FC6F77DD-769A-470E-BCF9-1B6555A118BE}' EventSourceName='Windows Search Service Profile Notification'/><EventID Qualifiers='49152'>2</EventID><Version>0</Version><Level>2</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x80000000000000</Keywords><TimeCreated SystemTime='2015-01-24T21:20:38.000000000Z'/><EventRecordID>12</EventRecordID><Correlation/><Execution ProcessID='0' ThreadID='0'/><Channel>Application</Channel><Computer>Big_Papa</Computer><Security/></System><ProcessingErrorData><ErrorCode>15005</ErrorCode><DataItemName>__binLength</DataItemName><EventPayload>4200690067005F0050006100700061005C00410064006D0069006E006900730074007200610074006F00720000003000780038003000300034003200310030003300000000000000</EventPayload></ProcessingErrorData></Event>

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz
Percentage of memory in use: 29%
Total physical RAM: 8074.87 MB
Available physical RAM: 5711.11 MB
Total Pagefile: 9994.87 MB
Available Pagefile: 7263.69 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:910.4 GB) (Free:884.34 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

Disk: 0 (Size: 931.5 GB) (Disk ID: BBF4D803)

Partition: GPT Partition Type.

==================== End Of Log ============================
Active Member
Posts: 6
Joined: January 24th, 2015, 4:29 pm
Register to Remove

Unread postby Gary R » January 26th, 2015, 2:14 am

I see no signs of active Malware in the logs you've supplied, and I can find no definitive evidence that the files you say you have removed are malicious.

What makes you think you have a hijack infection ?
Gary R
Posts: 25903
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Unread postby WAYNETHEPAIN » January 26th, 2015, 2:01 pm

Actually I think I have removed the Hijack virus since my system restart, I may have been a bit paranoid seeing VigLink ads hyper linking words on this page, I didn't realize it was a service installed by the publisher. Thank you for the confirmation.
Unread postby Gary R » January 26th, 2015, 2:13 pm

You're welcome. :)

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
